The way your data are used by any organization is governed by the Data Protection Act 1998 and the EU General Data Protection Regulation.
This privacy notice sets out how Little Conkers handles your personal data in accordance with these laws.
Your Data Controller
Firstly, you need to know who is the data controller and data protection officer for Little Conkers. Little Conkers is a one-woman business, so that would be me, Clare Trowbridge. You can contact me at any time to ask to see what data I hold about you, or about any other data protection issue.
E-mail me at: firstname.lastname@example.org
What data I collect and hold
The legal bases on which I receive and use your personal data are:
- I need the data in order to fulfil my contractual obligations to you, including fulfilling and shipping orders, providing a quotation prior to an order if requested, providing support on a purchased product if requested and if necessary processing returns and refunds;
- I need the data to comply with a legal obligation, including UK tax law in relation to providing evidence of my business income, and my obligations under Etsy’s selling regulations.
The data I receive on customers includes names, addresses and e-mail addresses, but I never receive payment or banking details. These data come to me mainly via Ravelry, Etsy and PayPal who have been authorized by customers to pass me the information necessary to fulfil an order. These organizations have their own privacy notices with which you should familiarize yourself. I also receive personal data directly from some customers who e-mail me to discuss or place an order. I don’t receive any personal data on customers buying on LoveCrochet or Makerist.
I retain these data on customers in the form of e-mails from Etsy, Ravelry, PayPal or the individual concerned for the length of time required by the UK tax authorities (5 years after the 31 January submission deadline of the relevant tax year).
If any other scenario were to arise in the future which required the use or retention of your personal data, I would always obtain your full, informed consent in advance of proceeding.
I never have and never would use the e-mail addresses supplied by customers for any other purpose, such as marketing e-mails.
How I store your data
The e-mails described above containing personal data are stored on the servers of my e-mail provider and on my business computer which is password protected and kept updated with the latest operating system and app updates.
Fulfilling customer orders may also require personal data to be held in hard copy, in particular postal addresses on shipping manifests and proofs of posting from my shipping provider. These are kept in a lockable filing cabinet.
Sharing your data
The only circumstances in which I share your data will be in fulfilment of an order or in complying with the law, as given above in “What data I collect and hold”. I will never share your data with any other individual or organization.
Viewing and amending your data
You have the right to receive a copy of the personal data I hold about you at any time. To request this, please use the contact details above. I may need to ask you for information to satisfy myself of your identity before releasing any information to you.
I will reply to you as soon as possible and always within one month.
You have the right to request the correction or erasure of the data I hold on you, but the right of erasure does not apply where I am retaining data to comply with a legal obligation (see “What data I collect and hold” above).
You also have the right to complain to the UK’s national privacy authority ico.gov.uk if you believe there is a problem with the way I handle your data.
I run Little Conkers in as professional way as possible and I always aim to comply with the spirit and ethics of the law as well as its letter. This means I have always treated your personal data with as much care as I would want my own personal data to be treated.
The recent changes in legislation do not alter things for me, other than I am publishing this privacy notice. I am glad the laws have been tightened up to prevent the abuse of people’s personal data by businesses and other organizations. So if you feel there is a problem with any of the above, it’s probably a genuine oversight on my part and I’d be glad to hear from you about it.
If you have any questions at all, please get in touch at email@example.com.
This page was last revised on: 23rd March 2019